package com.github.gin.springboot.security;

import org.apache.shiro.authc.*;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.util.concurrent.atomic.AtomicInteger;

public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter{

	public static final String DEFAULT_AUTH_MSG_PARAM  = "authMsg";
	
	public static final String DEFAULT_CAPTCHA_PARAM  = "captcha";
	
	public static final String DEFAULT_LOGIN_NAME_PARAM  = "loginName";
	
	public static final Integer DEFAULT_PASSWORD_RETRY_COUNT = 5;
	
	private String authMsgParam = DEFAULT_AUTH_MSG_PARAM;
	
	private String captchaParam = DEFAULT_CAPTCHA_PARAM;
	
	private String LoginNameParam = DEFAULT_LOGIN_NAME_PARAM;
	
	private Integer passwordRetryCount = DEFAULT_PASSWORD_RETRY_COUNT;
	
	
	@Override
	protected AuthenticationToken createToken(ServletRequest request,
                                              ServletResponse response) {
		String loginName = WebUtils.getCleanParam(request,getLoginNameParam());
		char[] password = getPassword(request).toCharArray();
		String host = getHost(request);
		boolean rememberMe = isRememberMe(request);
		String captcha = WebUtils.getCleanParam(request, getCaptchaParam());
		LoginNamePasswordToken token  = new LoginNamePasswordToken(loginName, password, rememberMe, host, captcha);
		return token;
	}

	@Override
	protected boolean onLoginFailure(AuthenticationToken token,
                                     AuthenticationException e, ServletRequest request,
                                     ServletResponse response) {
		 String className = e.getClass().getName();
		 String errorMsg = null;
		 
		 AtomicInteger retryCount = RetryLimitSimpleCredentialsMatcher.get();
		 
		 int rc = getPasswordRetryCount();
		 if(retryCount != null){
			 rc -= retryCount.get();
		 }
		 
		 if(UnknownAccountException.class.getName().equals(className)){
			 errorMsg = "用户名或密码错误！还有"+rc+"次机会";
		 } else if(IncorrectCredentialsException.class.getName().equals(className)){
			 errorMsg = "用户名或密码错误！还有"+rc+"次机会";
		 } else if(ExcessiveAttemptsException.class.getName().equals(className)){
			 errorMsg = "密码输入失败超过5次，请稍后再试...";
		 } else if(LockedAccountException.class.getName().equals(className)){
			 errorMsg = "账号现在不可用...";
		 } else {
			 errorMsg = "系统出现问题！请稍后再试...";
		 }
	     request.setAttribute(getFailureKeyAttribute(), className);
	     request.setAttribute(getAuthMsgParam(), errorMsg);
		return true;
	}

	@Override
	protected void issueSuccessRedirect(ServletRequest request,
			ServletResponse response) throws Exception {
		WebUtils.issueRedirect(request, response, getSuccessUrl(), null, true);
	}

	public String getCaptchaParam() {
		return captchaParam;
	}

	public void setCaptchaParam(String captchaParam) {
		this.captchaParam = captchaParam;
	}

	public String getLoginNameParam() {
		return LoginNameParam;
	}

	public void setLoginNameParam(String loginNameParam) {
		LoginNameParam = loginNameParam;
	}

	public String getAuthMsgParam() {
		return authMsgParam;
	}

	public void setAuthMsgParam(String authMsgParam) {
		this.authMsgParam = authMsgParam;
	}

	public Integer getPasswordRetryCount() {
		return passwordRetryCount;
	}

	public void setPasswordRetryCount(Integer passwordRetryCount) {
		this.passwordRetryCount = passwordRetryCount;
	}

	
	
}
